Not surprisingly, the glow that surrounded network access control in its formative years has mostly dissipated. Early adopters--usually those who had to implement NAC to meet internal or external requirements for control and reporting--have deployed the technology and taken their knocks. Many of them shared their stories via our third annual InformationWeek NAC survey.

In a nutshell, we found that adoption took these cutting-edge companies longer than expected, and what they're getting out of NAC is slightly different from what they had planned. Moreover, with upward of 20 companies still calling themselves NAC providers, the market is ripe for consolidation. This year already we've seen three vendors exit the space, but even as they go, a few startups are entering.

What they'll find is a skeptical consumer base: Two years ago, 50% of companies said they were deploying NAC. Now just 22% make that claim. Those hardy souls still evaluating NAC face a spotty track record; a long implementation cycle; and, depending on their requirements for control at the network edge, an eye-popping price tag. Add to that the continued evolution of just what this technology does, and you've got a recipe for disillusionment.

Ultimately, the shift to a critical mass of NAC adoption may happen slowly, as enterprises gain access to next-gen edge-switch features like 802.1X authentication. These niceties will come as we upgrade our networks; however, even though upgrades will facilitate deploying NAC, NAC won't drive many network upgrades.

For organizations that can sit tight, delay may not be a bad thing. Relying on edge switches to serve as enforcers leaves NAC vendors to concentrate on policy engines, management interfaces, and reporting systems that meet regulatory compliance needs. And while you've lingered, the love/hate struggle that exists among Cisco, Microsoft, and the Trusted Computing Group--home to more infrastructure vendors--will have worked itself out a bit.

Maybe.